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Provision of Transparent Proxy Services 



To A User Of A Client Device 



NOTICE OF COPYRIGHTS AND TRADE DRESS 

[0001] A portion of the disclosure of this patent document contains material, which is 
subject to copyright protection. This patent document may show and/or describe matter, 
which is or may become trade dress of the owner. The copyright and trade dress owner has 
no objection to the facsimile reproduction by any one of the patent disclosure, as it appears in 
the Patent and Trademark Office patent files or records, but otherwise reserves all copyright 
and trade dress rights whatsoever. 

RELATED APPLICATION INFORMATION 

This application claims the benefit of United States Provisional Application Number 
60/136,734, filed May 28, 1999, which is incorporated herein by reference. 

This application is a continuation-in-part of US Application No. 09/579,787, filed 
May 26, 2000 and entitled "Method And Apparatus For Surrogate Control Of Network-Based 
Electronic Transactions," which is incorporated herein by reference. 
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BACKGROUND OF THE INVENTION 
Field Of The Invention 

[0002] This invention relates to proxy services provided on a network. 
Description Of Related Art 

[0003] The rapid growth and expansion of network and Internet technologies has 
facilitated electronic commerce transactions, particularly in the area of consumer retail goods. 
Taking advantage of the widespread availability of the Internet, numerous retailers have gone 
online with retail shopping sites on the World Wide Web. These sites allow consumers to 
shop easily and conveniently from the comfort of their homes and offices. However, access 
to electronic shopping is limited to those possessing specific forms of credit or cash that can 
be transferred electronically. 

[0004] Numerous non-cash techniques are typically used for executing purchase 
transactions among purchasers and online merchants. Indeed, numerous types of credit cards 
and banking cards are in widespread use. For example, a credit card can be used to effect 
online purchases, with the transaction being paid for by a credit card clearing house or bank 
and creating a credit obligation for the owner of the credit card. Another type of card which 
looks like a credit card but functions differently is the debit card. The debit card is used 
much like a credit card in that it is tendered by the purchaser to an online merchant for 
payment. Payment is effected from a bank to the merchant and the funds are deducted 
directly from the card holder's bank account. 
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[0005] However, the problem with credit cards and debit cards is that certain conditions 
have to be met for issuance, conditions that can include restrictions on age and financial 
criteria. As a result, many consumers do not meet the requirements for credit card or debit 
card issuance, thereby eliminating them from the ranks of online shoppers. Furthermore, the 
negative security implications associated with exposing credit card or debit card account 
numbers over a public network like the Internet make many consumers uncomfortable. Thus, 
while many of these consumers have the technology and financial resources available, they 
are put out of reach of online merchants because they do not have a particular form of 
financial resources. 

[0006] As an alternative to cash and credit cards, stored value cards are now available. 
Stored value cards require the purchase of a card which looks much like a credit card, but 
which has a limited amount of available value to be spent. The balance is contained in a 
magnetic strip or computer chip in the card. As the stored value card is used, the remaining 
balance on the card is depleted. However, like some debit cards, stored value cards do not 
enjoy the functionality of credit cards in many business transactions, particularly electronic 
commerce purchases. 

[0007] One possible solution to this problem for some, particularly minor children, is 
found in secondary credit cards. A credit card holder may obtain one or more secondary 
credit cards from the issuer, as for example for family members, that are linked to the main 
credit card. The secondary credit cards are functionally identical to the main credit card in all 
respects and, indeed, typically bear the same account number and differ from the primary 
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card only in the name of the person who is authorized to use the secondary card. Any 
purchases made with the secondary credit cards are debited against the credit limit of the 
single account in which the primary and secondary cards are issued. Thus, the main or 
primary cardholder has no control over the spending power or abilities of the secondary credit 
cards linked to his card, beyond the fact that the total of all debts incurred by all cards on the 
account cannot exceed the credit limit of the main credit card. 

[0008] These secondary credit cards, therefore, are problematic because the secondary 
cardholders can quickly accumulate a significant outstanding balance on the main credit card 
account, thus reducing the main cardholder's spending power. Most importantly, the main 
cardholder is not aware of the decrease in the available credit or spending limit as a result of 
expenditures by a secondary cardholder. Consequently, there is a need for a system or service 
that enables those without a credit card, for example teenage children, to shop and buy at 
online merchants without requiring a credit card. 

[0009] A typical proxy server operates as a non-transparent proxy where the browser 
knows it is using a proxy. 
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SUMMARY OF THE INVENTION 

[0010] A method and apparatus for surrogate control of electronic commerce transactions 
are provided that include a proxy server through which an individual without a credit card is 
enabled to shop at online merchant sites. Upon opening an account within the proxy server, 
the account can be funded using numerous fund sources, for example credit cards, checking 
accounts, money orders, gift certificates, incentive codes, online currency, coupons, and 
stored value cards. A user with a funded account can shop at numerous remote servers 
through the proxy server using a typical client computer World Wide Web (web) browser. 
When merchandise is selected for purchase, a purchase transaction is executed in which a 
credit card belonging to the proxy server is assigned to the user. The assignment can be 
permanent or temporary. The credit card is loaded with funds from the user's corresponding 
funded account, and used to complete the purchase transaction. While the proxy server is 
transparent to the user, controls are provided that include monitoring the data streams and, in 
response, controlling the information flow between the user and the merchant sites. 

[0011] According to one aspect of the invention, there is a method of providing 
transparent proxy services to a user of a client device. The client device has a browser for 
retrieving digital content from a data network. The client device, a proxy server and a remote 
server are connected to the data network. According to the method, the proxy server receives 
a first request from the browser for a first unit of digital content. A remote server hostname 
is associated with the remote server. The first request includes the remote server hostname 
for referencing the first unit of digital content. The proxy server requests the first unit of 
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digital content from the remote server. The proxy server receives the first unit of digital 
content from the remote server. The proxy server parses the first unit of digital content for 
references to the remote server. The proxy server modifies at least one reference to the 
remote server in the first unit of digital content to thereby form a modified first unit of digital 
content. This is done by inserting a surrogate server hostname into the at least one reference. 
The surrogate server hostname is different from the remote server hostname. The proxy 
server transmits the modified first unit of digital content to the browser. 

[0012] According to other aspects of the invention, there are provided a proxy server for 
providing transparent proxy services to a user of a client device and a computer program for 
providing transparent proxy services to a user of a client device. 

[0013] Still further objects and advantages attaching to the system and methods will be 
apparent to those skilled in the art from the following particular description. 



J1-4-1-A-US 



7 



DESCRIPTION OF THE DRAWINGS 

[0014] Further objects of this invention, together with additional features contributing 
thereto and advantages accruing therefrom, will be apparent from the following description of 
an embodiment of the present invention which is shown in the accompanying drawings with 
like reference numerals indicating corresponding parts throughout and which is to be read in 
conjunction with the following drawings, wherein: 

[0015] Figure 1 is a block diagram of a system for providing transparent proxy 

services to a user browsing a remote server in accordance with the invention. 
[0016] Figure 2 is a flow chart of a method of providing transparent proxy services in 

accordance with the invention. 

[0017] Figure 3 is a flow chart of a method of modifying a web page in accordance 

with the invention. 
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DETAILED DESCRIPTION OF THE INVENTION 

[0018] Throughout this description, the embodiments and examples shown should be 
considered as exemplars, rather than limitations on the apparatus and methods of the present 
invention. 

[0019] In accordance with the invention, proxy services are provided transparently to a 
user browsing a web site. The method and apparatus of the invention are useful in providing 
a user with a means for making on line purchases without a credit card account, debit account 
or other financial account recognized by the respective merchants. 

[0020] One advantage of the invention is that special software is not required to be 
installed on either the client (user) or merchant end of a transaction. As such, spenders and 
funders are not required to install any software on their personal computers in addition to a 
typical browser. Also, the online merchants are not required to install any special server 
software or modify their web pages in order to accommodate the surrogate transactions. 

The System of the Invention 

[0021] Figure 1 is a block diagram of a system including a proxy server 1 10, client device 
120, remote server 140. A data network 160 interconnects the other components 110, 120, 
140. Different components of the proxy server 110 can be located at different physical 
locations. The system may include more than one client device 120 and remote server 140. 
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[0022] The client device 120 comprise a computer configured to connect to the network 
160 for accessing servers such as the remote server 140. The client device 120 may be, for 
example, a PC running a Microsoft Windows operating system, an Internet appliance, 
network computer (NC), or an appropriately Internet-enabled device such as a portable digital 
assistant (PDA), mobile phone, refrigerator, etc. The particular type of device of the client 
device 120 is not considered to be important. The client device 120 operates a browser 
program 123 for accessing and interacting with other systems. For a PC, this program is a 
web browser such as Microsoft Internet Explorer or Netscape Navigator, and may generate a 
browser display 121 on the client device 120. The program used by the client device 120 for 
accessing and interacting with other systems to obtain digital content from the other systems 
will be generally referred to herein as the "browser" 123. 

[0023] The remote server 140 comprises a server or collection of servers which provide 
online functionality, such as an online retail shopping web site. An identifier is associated 
with the remote server 140 to allow the remote server 140 and digital content on the remote 
server 140 to be identified from the data network 160. For TCP/IP networks, the identifier 
may be a hostname, which is unique within the network. In some cases, the hostname is the 
same as the domain name. 

[0024] The remote server 140 may be accessed and utilized, for example, by the browser 
123. Units of digital content (e.g., web pages) served by the remote server 140 will be 
referred to herein as "remote pages." An identifier may be associated with each remote page 
to allow the remote pages to be identified from the data network 160. Other identifiers may 
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be associated with other objects on the remote server, such as graphic files, to allow these 
other objects to be identified from the data network 160. When used, these identifiers may be 
considered "references" to the respective host (i.e., remote server), web page or other object. 

[0025] For TCP/IP networks, an identifier or reference may be a uniform resource locator 
(URL), and in some circumstances a fully qualified URL. A "fully-qualified" URL includes 
a complete URL, and is in the form "http://hostname/url" or "//hostname/url". For a World 
Wide Web page, this means that the URL includes a hostname plus a path plus the name of 
the resource. For example, consider a web page named "item.html". Consider too a path for 
that web page named "shopping/product". Further consider that the host for the web page is 
"www.netzero.net". Thus, the full-qualified link to this web page is 
"http://www.netzero.net/shopping/product/item.html". 

[0026] The data network 160 may include the Internet, local area networks, wide area 
networks, wired networks, and wireless networks. Separate networks may be provided for 
interconnecting the other components 1 10, 120, 140. 

[0027] The proxy server 110 comprises a server or collection of servers which provide 
the functionality described herein, primarily through software. Like the remote server 140, 
the proxy server 110 may be accessed and utilized, for example, by the browser 121. An 
identifier is associated with the proxy server 110 to allow the proxy server 110 and digital 
content on the proxy server 110 to be identified from the data network 160. For TCP/IP 
networks, the identifier may be a hostname, which is unique within the network. 
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[0028] The proxy server 110 operates transparently between the client device 120 and the 
remote server 140. This means that the user of the client device 120 does not know that the 
proxy server 110 is intercepting the electronic traffic between the client device 120 and the 
remote server 140. The proxy server 110 communicates with the browser 123 and the remote 
server 140 in providing remote pages back to the browser 123. The proxy server 1 10 may 
cache the remote pages, wherein the browser 123 explicitly returns to the proxy server 1 10 
which specifies the remote page or pages to hit. Caching may increase the speed of 
subsequent page hits. 

[0029] As described further below, when a user wishes to access or utilize the remote 
server 140, the user is redirected to the proxy server 110, which proxies all the information 
from the remote server 140 in real time. The proxy server 1 10 may ensure that: 

• the current user is a valid user; 

• user interaction with the remote server 140 always returns control back to the 
proxy server 140; 

• HTTP cookies are processed and proxied; 

• forms on the remote server 140 are automatically filled out; and 

• selected information such as credit card numbers are not available to the client 
device 120. 
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The Methods of the Invention 

[0030] The methods of the invention may be practiced by a user shopping at the remote 
server 140. As described in our co-pending application identified above, a user may register 
with a surrogate shopping service, and indicate that he wishes to begin shopping at the 
remote server 140 from a web site of the surrogate system. This may then cause the proxy 
server 1 10 to become involved. In such circumstances, it may be desirable to modify remote 
pages before they are provided to the browser 123. For example, to ensure that the proxy 
server 1 10 always has control, the proxy server 140 may modify remote pages so that if the 
user clicks on a hyperlink on the modified remote page, the modified remote page causes the 
browser 123 to return to a server of the surrogate system, such as the proxy server 110. 

[0031] Referring now to Figure 2, there is shown a flow chart of a method of providing 
transparent proxy services in accordance with the invention. After the user has requested a 
remote page from the proxy server 110 (step 205), the proxy server 110 may request the 
requested remote page from the remote server 140 (step 210). In response, the remote server 
140 may transmit the remote page to the proxy server 1 10. 

[0032] The remote server 140 may precede the remote page with one or more headers. 
Headers are commonly used in HTTP. The headers may include references to the remote 
server 140 which should be modified (step 215). Certain kinds of headers may cause a new 
page to be loaded. Two such HTTP headers are "Location" and "Content-Location". If there 
is a "Location" header, the proxy server 110 may modify the hostname in the Location 
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header. If there is a "Content-Location" header, the proxy server 110 may modify the 
hostname in the Content-Location header. 

[0033] These modifications and others described below may be made in a number of 
ways. These modifications generally take the form of inserting a surrogate server hostname 
into references to the remote server hostname, and/or replacing the remote server hostname 
with the surrogate server hostname. The surrogate server hostname may be the same as the 
proxy server hostname, or it may be a hostname of another server of the surrogate system. 
The following discussion will include examples of how TCPAP and HTTP references may be 
modified, along with actual examples of how the modifications would appear. In these 
examples, it is assumed that the hostname of the proxy server 1 10 is "proxy.rocketcash.com", 
the hostname of the remote server 140 is "netzero.net" and the reference to the remote server 
140 is a fully qualified URL or hyperlink such as 
"http://www.netzero.net/shopping/product/item.html". 

[0034] In one manner of modification, the surrogate server hostname is appended to the 
hostname of the remote server 140. In the example, the modified reference, is 
"http://www.netzero.net.proxy.rocketcash.com/shopping/product/item.htmr'. 

[0035] In another manner of modification, the surrogate server hostname is inserted into 
reference to the remote page and the hostname of the remote server 140 is made part of the 
local path. Here, the reference is modified so that the surrogate server hostname is the only 
hostname in the reference. In the example, the modified reference is 
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"http://proxy.rocketcash.com/wvw.netzer^^ In this case, when the proxy 

server 110 receives a request with such as reference, the surrogate server hostname can be 
stripped out, and the hostname of the remote server 140 can be drawn from the front of the 
path. 

[0036] A third manner of modification is a variation of the second manner of 
modification, just described. In this modification, two or three additional changes are made. 
First, the hostname of the remote server 140 is made to read backwards. In the example, the 
modified reference is 

"http://proxy.rocketcash.com/ten.orezten. www/shopping/product/item.html". Second, 
periods (".") are changed to slashes ("/") in the hostname of the remote server 140. In the 

example, the modified reference is 

f — 

"http://proxy.rocketcash.com/ten/orezten/www/shopping/product/item.htmr'. A separator, 
such as a caret (" A ") may be inserted between the reversed hostname of the remote server 140 
and the remainder of the path. In the example, the modified reference is 
"http://proxy.rocketcash.com/ten/orezten/www/ A /shopping/product/item.html". 

[0037] It is well know that a cookie may be passed within a header. For such "Set- 
cookie" headers, the proxy server 1 10 may modify the "domain" portion of the cookie if it 
exists. The third manner of modification, just described, provides an effective way to 
manage cookies that are passed between the browser 123 and the remote server 140. When 
cookies are passed from the remote server 140 to the browser 123, they contain an optional 
domain name and path specification. The browser 123 uses these values to determine 
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whether or not to send the cookies back to the remote server 110 on subsequent requests. 
Since the remote server 110 is proxied by the (single) surrogate server hostname (e.g., 
proxy.rocketcash.com), the hostname information in the cookie cannot be used. However, 
since the hostname information for the remote server 140 is specified as the initial segments 
of the URL path, the browser 123 can emulate the hostname functionality by writing the 
hostname information into the path specifier for the cookie. 

[0038] For example, if the domain specifier for a cookie is ".netzero.net", the equivalent 
path specifier would be the reversed version (again, replacing periods with slashes) which 
would be "/ten/orezten/". The domain specifier for the cookie can then be removed. Since 
the path specifier for the cookie now contains the original domain information, the original 
path information is prepended to the cookie value and terminated with a " A " separator. For 
example, if the cookie value is "data" and the path is "/images", the new cookie value would 
be "/images A data". 

[0039] Using this technique, the browser 123 sends cookies that are appropriate for the 
current remote domain, but this may include cookies that would otherwise not have been sent 
if the original path did not match the URL path. As cookies are sent from the browser 123 
back to the remote server 140, the proxy server 110 removes the original path information 
from the cookie value and compares that path with the path of the current URL. If the path 
from the cookie matches the initial path of the current URL, the cookie is forwarded to the 
remote server 140, otherwise it is removed from the HTTP header. 
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[0040] After the headers have been modified (step 215), the proxy server 110 may parse 
the remote page for references (step 220). References in the remote page may then be 
modified in the manner described above to form a modified requested web page (step 225). 

[0041] In the next step of the method, the proxy server 110 serves the modified remote 
page to the browser 123 (step 240). The user may then continue browsing as before (step 
250). 

[0042] If the user selects a modified link in the modified remote page (step 260), then the 
browser 123 requests the page identified by the modified link from the surrogate server (e.g., 
the proxy server 110). The surrogate server should ensure that the remote page which the 
browser 123 expected is served properly to the browser 123. Based on the hostname of the 
modified link, the surrogate server knows that the user actually wants a remote page. Thus, 
the surrogate server strips off the surrogate server's own hostname from the hostname in the 
modified link to form a corrected link (step 270). The surrogate server may perform 
additional processing of the request from the browser 123. For example, the surrogate server 
may remove its hostname from the complete remote hostname, and the new hostname name 
may be used as the target of the proxy operation. Also, because some sites use the http 
"Referer" header for navigation, the surrogate server may remove its hostname from the 
"Referer" header. 

[0043] Next, the proxy server 1 10 requests the remote page identified by the corrected 
link from the remote server 140 (step 210), and processing can continue as described above. 
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[0044] Referring now to Figure 3, there is shown a method of modifying references in a 
remote page in accordance with the invention to thereby form a modified page. According to 
this method, references such as URLs may be modified in the manner described above. 
These references may be within an HTML tag or within a javascript region. With the start of 
the method (step 305), the remote page is loaded and made ready for parsing and 
modification. 

[0045] One useful modification is to have a tag at the top of the modified page which 
provides a general reference to the proxy server hostname (step 310). If the remote page is a 
web page which already has a <BASE HREF— '"> tag, the existing HREF value may be 
modified to point to the proxy server. If there is no such tag, then a <BASE HREF- '"> tag 
may be inserted into the top of the modified page, and set to point to the fully qualified URL 
of the current page, but modified to point to the proxy server. Alternatively, relative and 
absolute references may be modified to be fully qualified, and refer to the proxy server. 

[0046] The modified page may be then parsed for references (step 315), so that the 
references may be modified, if desired. Parsing may be done from top to bottom. If a 
reference is to be displayed by the browser and therefore would be visible to the user, it 
generally need not be modified (step 320). In general, references which are not within an 
HTML tag or within a javascript region are user visible. 

[0047] If a reference is within a block of javascript code, it may be desirable to modify 
the reference. A javascript construct that can force a page reload (step 325) may be modified 
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such that the reference is encapsulated in a call to a special function (step 330). The special 
function may be added to the modified page, with the special function implementing the 
appropriate modifications to the operand of the construct (step 335). The operand may be a 
URL, a function or an expression. For example, constructs such as 
'Uocation.replace(operand)", ".location=operand" and ".location.href=operand" may be 
modified respectively to ".location.replace(_rcFunc(operand))" 5 
Mocation=_rcFunc(operand)" and " location.href=_rcFunc(operand)". Given a fully 
qualified, absolute, or relative URL, the _rcFunc() call may implement the modifications 
described herein. 

[0048] The decision of whether to modify a reference may depend in part on why the 
reference is present. If the reference is associated with an HTML tag such as <SRC- '">, 
<HREF="">, <ACTION= MM >, "<META CONTENT=*#;URL'>" (step 340), then the 
reference may be modified. If the reference appears to be embedded in another reference 
(i.e., an argument to another reference) (step 345), the reference need not be modified. 

[0049] The decision of whether and how to modify a reference may also depend in part 
on the type of reference. If the reference ends with an extension indicating that the content is 
binary data (e.g., .gif, .jpg) (step 350), then the reference should refer to the remote server, 
and may need to be modified accordingly (step 370). 

[0050] If the reference includes a hostname for other than that of the remote server 140 
(step 355), then the reference probably need not be modified. This may occur, for example, if 
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the remote page has an advertiser link to another web site. On the other hand, it may be 
undesirable to permit the user to browse to another web site. Thus, the reference may be 
modified to provide an error message to the user if the user selects the corresponding link. 
[0051] If a reference is not fully qualified (step 360) - a relative reference (e.g., 
"product/item.html") or an absolute link relative to the root (e.g., 
s 7shopping/product/item.htmr') 3 it probably need not be modified. This is because the 
browser will hit the proxy server 1 10 for relative and absolute links to the root. 

[0052] Once it has been determined that a reference should be modified, the 
modifications may be made in the manner described above (step 365). This process may 
continue until all references have been considered. 

[0053] Although exemplary embodiments of the present invention have been shown and 
described, it will be apparent to those having ordinary skill in the art that a number of 
changes, modifications, or alterations to the invention as described herein may be made, none 
of which depart from the spirit of the present invention. All such changes, modifications and 
alterations should therefore be seen as within the scope of the present invention. 



